@kernel.chat/kbot 3.99.20 → 3.99.22

package/README.md

@@ -126,6 +126,16 @@ kbot attack_surface_scan --domain x.com    # Passive recon + security headers
 kbot incident_response --type ransomware   # Generate IR playbook
 ```
 
+### Design From Your Terminal
+
+```bash
+kbot design "a minimal pitch deck cover for our product" --kind deck --pdf --open
+kbot design "landing page hero with our brand colors" --kind page
+kbot design "interactive prototype of a chat inbox" --kind prototype
+```
+
+Local-first alternative to Anthropic's Claude Design. kbot reads your repo's CSS design tokens, typography, and component patterns, then generates a single complete HTML file — no external deps, mobile-first, a11y-clean — that matches your visual system. Optional Playwright-backed PDF export. Runs on your local model at $0, ships with `@kernel.chat/kbot`. No subscription, no upload, no cloud.
+
 ### Audit Any Repo in One Command
 
 ```
@@ -151,6 +161,7 @@ Checks security, documentation, code quality, CI/CD, community health, and DevOp
 | Buddy companion | Yes (8 species) | No | No | No | No |
 | iPhone control | Yes | No | No | No | No |
 | Music production | Ableton Live | No | No | No | No |
+| Visual design | `kbot design` (local, $0) | Separate Claude Design subscription | No | No | No |
 | Financial analysis | Multi-agent | No | No | No | No |
 | Threat intelligence | Yes | No | No | No | No |
 | Buddy leaderboard | kernel.chat | No | No | No | No |

package/dist/agent.js

@@ -1084,6 +1084,8 @@ Always quote file paths that contain spaces. Never reference internal system nam
     let toolCallCount = 0;
     let lastResponse = null;
     const toolSequenceLog = [];
+    // Adversarial critic: track per-(tool+args) retry counts so we don't loop forever on reject.
+    const criticRetryCounts = new Map();
     const toolSequenceWithArgs = [];
     const originalMessage = message;
     let cumulativeCostUsd = 0;
@@ -1726,6 +1728,27 @@ Always quote file paths that contain spaces. Never reference internal system nam
                     error: !!ctx.error || ctx.aborted,
                     duration_ms: ctx.durationMs,
                 };
+                // ── Adversarial critic gate (generator/discriminator on tool output) ──
+                if (!result.error && process.env.KBOT_NO_CRITIC !== '1') {
+                    try {
+                        const { gateToolResult } = await import('./critic-gate.js');
+                        const key = `${call.name}::${JSON.stringify(call.arguments || {}).slice(0, 200)}`;
+                        const prior = criticRetryCounts.get(key) || 0;
+                        const verdict = await gateToolResult(call.name, call.arguments || {}, result.result, {});
+                        if (!verdict.accept) {
+                            if (prior >= 2) {
+                                result.result = `[critic-warning: ${verdict.reason || 'rejected'} — accepted after ${prior} retries] ${result.result}`;
+                            }
+                            else {
+                                criticRetryCounts.set(key, prior + 1);
+                                result.result = `[critic-reject] ${verdict.reason || 'output rejected'}\n` +
+                                    `Retry hint: ${verdict.retry_hint || 'Try different arguments or a different tool.'}\n` +
+                                    `Original output (for reference, do not trust):\n${result.result.slice(0, 1000)}`;
+                            }
+                        }
+                    }
+                    catch { /* critic is non-critical */ }
+                }
                 results.push(result);
                 ui.onToolCallEnd(call.name, result.result, result.error ? result.result : undefined, result.duration_ms);
                 // Update buddy mood based on tool outcome (content-aware reactions)

package/dist/agents/producer.js

@@ -9,48 +9,90 @@ export const PRODUCER_PRESET = {
 
 You don't suggest — you execute. When Isaac says "add reverb to the vocals", you add the reverb. When he says "write me a chord progression", you write the MIDI. You act through kbot's Ableton tools which send OSC commands directly to Ableton Live.
 
-## Your Tools
+## Your Tools — 21 Ableton tools + 4 bridge tools + Serum 2 + M4L + computer-use fallback
 
 ### Session Awareness
-- **ableton_session_info** — ALWAYS call this first to understand the current session state (tracks, clips, tempo, devices, what's playing)
-- **ableton_knowledge** — Query the deep knowledge base for device parameters, effect chains, mixing advice, genre templates
+- **ableton_session_info** — ALWAYS call this first to understand the session state (tracks, clips, tempo, devices, what's playing)
+- **ableton_knowledge** — Query the deep knowledge base for device parameters, effect chains, mixing, genre templates
 
-### Transport & Navigation
-- **ableton_transport** — Play, stop, record, set tempo, time signature, seek to position
+### Transport & Song
+- **ableton_transport** — play, stop, record, tempo, time_sig, seek
+- **ableton_song** — undo, redo, tap_tempo, metronome, punch_in/out, cue points (add/delete/next/prev/jump), loop + loop_start + loop_length, back_to_arranger, capture_midi, stop_all_clips, groove, record_mode (arrangement record), jump_by, status. Use this for anything at the song level the transport tool doesn't cover.
 
-### Track Operations
-- **ableton_track** — List, create, mute, solo, arm, rename, volume, pan, color, delete tracks
+### Tracks
+- **ableton_track** — list, mute, solo, arm, volume, pan, rename, info, color (0-69), monitoring (in/auto/off), input_routing, output_routing, **set** (generic escape hatch over any AbletonOSC track setter)
+- **ableton_create_track** — create midi / audio / **return** track, optionally auto-load an instrument on midi tracks
 
-### Clip & Scene Control
-- **ableton_clip** — Fire, stop, create, delete, duplicate clips in session view
-- **ableton_scene** — Fire, list, create, duplicate scenes
+### Clips
+- **ableton_clip** — fire, stop, create, delete, duplicate, info, list, **set** (generic setter — use property=name to change any clip property: gain, pitch_coarse, pitch_fine, loop_start, loop_end, start_marker, end_marker, velocity_amount, color_index, launch_mode, launch_quantization, warp_mode, warping, legato, muted, ram_mode)
+
+### Scenes
+- **ableton_scene** — fire, list, create, duplicate, rename
+
+### View & Selection (drive the Ableton cursor)
+- **ableton_view** — get/set the currently selected scene, track, clip, or device. Use set before opening a device to put the UI where the user can see it.
 
 ### MIDI & Composition
-- **ableton_midi** — Write/read/clear MIDI notes in clips (pitch, velocity, duration arrays)
-- **ableton_create_progression** — Generate chord progressions from natural language and write directly into clips. Supports:
+- **ableton_midi** — write/read/clear MIDI notes. notes param is JSON: [{"pitch":60,"start":0,"duration":1,"velocity":100}]
+- **ableton_create_progression** — chord progressions as MIDI from natural language:
   - Roman numerals: "ii V I" in any key
   - Chord symbols: "Cmaj7 Am7 Fmaj7 G7"
   - Named progressions: "Andalusian cadence", "Coltrane changes", "12-bar blues"
   - 6 voicing styles: close, open, drop-2, drop-3, spread, shell
-  - Rhythm patterns: whole, half, quarter, eighth, arpeggiated
+  - Rhythm: whole, half, quarter, eighth, arpeggio_up, arpeggio_down
+
+### Instruments, Samples, Drum Racks
+- **ableton_load_plugin** — load any native or VST/AU instrument by name. OSC-first, falls back to AppleScript browser automation on macOS.
+- **ableton_load_sample** — load a sample (wav/aif) from User Library into a Drum Rack pad
+- **ableton_build_drum_rack** — one-shot: create rack + load samples + write pattern
 
 ### Mixing & Effects
-- **ableton_device** — List devices on tracks, get/set any parameter, enable/disable, browse by name
-- **ableton_mixer** — Snapshot all levels, batch-set volumes/pans/sends, crossfader
+- **ableton_device** — list, params, set, enable, disable, info
+- **ableton_mixer** — snapshot all levels, batch-set volumes/pans, set sends
+- **ableton_load_effect** — load an audio effect onto a track
+- **ableton_effect_chain** — build multi-device effect chains in one call
+- **ableton_browse** / **ableton_load_preset** — navigate the library, load presets
+
+### Audio Analysis
+- **ableton_audio_analysis** — real-time L/R RMS meters, peak detection, per-track or master
+
+### Serum 2 (Xfer Records synth, 542 parameters)
+- **serum2_preset** — list kbot's built-in Serum 2 presets, install them to Serum's User folder, or create a new .SerumPreset file from parameter overrides. Use this when Isaac wants a Serum sound designed programmatically rather than tweaked by hand.
+
+### Custom Max-for-Live devices (kbot's own, in ~/Music/Ableton/User Library)
+9 instruments/effects Isaac built: kbot-auto-pilot, kbot-bass-synth, kbot-dj-fx, kbot-drum-synth, kbot-genre-morph, kbot-hat-machine, kbot-pad-synth, kbot-riser-engine, kbot-sidechain. Load them via **ableton_load_plugin** with name="kbot-bass-synth" etc.
 
-### Music Theory
+### Music Theory Helpers
 - **magenta_continue** — AI melody continuation from a seed
 - **magenta_harmonize** — Generate harmonically aware chord progressions
 - **magenta_drumify** — Generate genre-specific drum patterns
 
-## Workflow Protocol
+### Computer-use fallback (when OSC can't do it)
+For operations AbletonOSC doesn't expose — drag-and-drop from browser, Max-device internal UI, some preference dialogs, some VST wrapper UI — fall back to Claude's computer-use MCP:
+- **mcp__computer-use__screenshot** to see the current UI
+- **mcp__computer-use__left_click** / **double_click** / **type** / **key** to drive it
+- Pattern for loading a device the OSC path can't: (1) focus the target track with ableton_view set track, (2) click the Instruments panel in the browser (left sidebar), (3) click the search field and type the device name, (4) double-click the result. This also works for audio effects, presets, and samples.
+
+If OSC's ableton_load_plugin reports success but ableton_device list shows no device, silently fall through to the computer-use path — don't tell Isaac it failed unless both paths fail.
+
+## Workflow Protocol — OSC + computer-use as ONE surface
+
+**You can control every inch of Ableton.** OSC handles the programmatic 95%. For anything OSC can't reach, computer-use closes the gap. Never tell Isaac "that's not supported" without trying the fallback path first.
+
+1. **Always check state first**: Call ableton_session_info before any operation so you know what tracks exist, what's armed, what's playing.
+2. **Track numbers**: Isaac says "track 1" (1-based), OSC uses 0-based. Always convert: track 1 = index 0.
+3. **Find by name**: If Isaac says "the bass track" or "the drums", scan track names from session_info and match.
+4. **Chain operations**: For complex requests, chain multiple tool calls. "Set up a house track" = create tracks + set tempo + add instruments + add effects + write MIDI patterns. Don't ask for permission on each step — execute the whole chain and report the result.
+5. **Report musically**: Don't say "set parameter 3 to 0.7". Say "set the reverb decay to 3.2 seconds" or "compressed the vocals at 4:1 with a medium attack".
+6. **Use knowledge**: Before adding effects, check ableton_knowledge for the best device and parameter settings for the goal.
+7. **Verify, don't assume**: After loading a plugin or creating a track, list devices or query to confirm it actually took. OSC calls can return OK and still silently drop on the Live side.
+8. **Fallback protocol (OSC → computer-use)**: When an OSC write returns OK but the verification read shows nothing happened — OR when the operation is inherently UI-only (drag-drop from browser to track, internal Max UI, VST wrapper settings, preset scrolling in Live's native browser, device presets in VST3 wrapper) — immediately fall through to computer-use. Sequence: ableton_view set track → screenshot → click → type → double_click → screenshot to confirm. No narrative between steps; just execute.
+9. **Arrangement vs session**: Isaac works in session view by default. For arrangement work, use ableton_song back_to_arranger to switch, then record_mode for arrangement recording, jump_by for timeline navigation.
+10. **Session lock**: If computer-use is needed, kbot's own computer-use tools (--computer-use flag) share a lock file. Prefer Claude's native computer-use MCP (mcp__computer-use__*) which is independent.
+
+## What "full control" means here
 
-1. **Always check state first**: Call ableton_session_info before any operation so you know what tracks exist, what's armed, what's playing
-2. **Track numbers**: Isaac says "track 1" (1-based), OSC uses 0-based. Always convert: track 1 = index 0
-3. **Find by name**: If Isaac says "the bass track" or "the drums", scan track names from session_info and find the matching index
-4. **Chain operations**: For complex requests, chain multiple tool calls. "Set up a house track" = create tracks + set tempo + add instruments + add effects + write MIDI patterns
-5. **Report musically**: Don't say "set parameter 3 to 0.7". Say "set the reverb decay to 3.2 seconds" or "compressed the vocals at 4:1 with a medium attack"
-6. **Use knowledge**: Before adding effects, check ableton_knowledge for the best device and parameter settings for the goal
+You have write access to every AbletonOSC address (transport, song, track, clip, scene, device, view, mixer, MIDI, routing). For the operations Ableton exposes only through its UI, you have computer-use. Between them, the set of "things I can make Ableton do" equals the set of "things a human producer can make Ableton do." The only thing you cannot do is hear — so Isaac remains the ears. Everything else is executable.
 
 ## Deep Ableton Knowledge
 

package/dist/auth.d.ts

@@ -20,6 +20,8 @@ export interface KbotConfig {
     byok_enabled?: boolean;
     byok_provider?: ByokProvider;
     kernel_token?: string;
+    critic_enabled?: boolean;
+    critic_strictness?: number;
 }
 export declare function loadConfig(): KbotConfig | null;
 export declare function saveConfig(config: KbotConfig): void;

package/dist/cli.js

@@ -971,10 +971,13 @@ async function main() {
     });
     program
         .command('growth')
-        .description('See how you\'ve evolved as a builder — milestones, efficiency gains, knowledge arc')
-        .action(async () => {
-        const { generateGrowthReport } = await import('./introspection.js');
-        process.stderr.write(generateGrowthReport());
+        .description('See how kbot has improved at your tasks — tool success rate, routing accuracy, learned patterns')
+        .option('--json', 'Output JSON instead of pretty table')
+        .option('--days <n>', 'Compare last N days vs prior N days', '7')
+        .action(async (opts) => {
+        const { runGrowth } = await import('./growth.js');
+        const days = opts.days ? Number.parseInt(opts.days, 10) : 7;
+        runGrowth({ json: opts.json, days: Number.isFinite(days) && days > 0 ? days : 7 });
     });
     program
         .command('decisions')

package/dist/critic-gate.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Critic Gate — adversarial discriminator on tool outputs.
+ * Generator/discriminator pattern: critic reviews each tool result before the
+ * main LLM sees it. Fast path auto-accepts trivial results. Config via
+ * ~/.kbot/config.json: critic_enabled (bool), critic_strictness (0..1).
+ * Hard disable: env KBOT_NO_CRITIC=1.
+ */
+import { type RFClass } from './critic-taxonomy.js';
+export interface CriticVerdict {
+    accept: boolean;
+    reason?: string;
+    retry_hint?: string;
+    confidence: number;
+    /** RF taxonomy class when a rule-based classifier fired (arXiv:2601.22208). */
+    failure_class?: RFClass;
+}
+export interface GateOpts {
+    strictness?: number;
+    provider?: string;
+    /** Optional LLM client override — takes user prompt, returns raw text. For testing. */
+    llmClient?: (userPrompt: string) => Promise<string>;
+}
+/**
+ * Gate a tool result through the adversarial critic.
+ * Never throws — on any failure, returns accept=true with low confidence so
+ * the agent loop is never blocked by the critic itself.
+ */
+export declare function gateToolResult(tool: string, args: Record<string, unknown>, result: unknown, opts?: GateOpts): Promise<CriticVerdict>;
+//# sourceMappingURL=critic-gate.d.ts.map

package/dist/critic-gate.js

@@ -0,0 +1,223 @@
+/**
+ * Critic Gate — adversarial discriminator on tool outputs.
+ * Generator/discriminator pattern: critic reviews each tool result before the
+ * main LLM sees it. Fast path auto-accepts trivial results. Config via
+ * ~/.kbot/config.json: critic_enabled (bool), critic_strictness (0..1).
+ * Hard disable: env KBOT_NO_CRITIC=1.
+ */
+import { loadConfig } from './auth.js';
+import { classifyToolResult } from './critic-taxonomy.js';
+const TRUSTED_TOOLS = new Set([
+    'read', 'read_file', 'kbot_read', 'kbot_read_file',
+    'glob', 'kbot_glob', 'grep', 'kbot_grep', 'list_directory', 'ls',
+    'git_status', 'git_log', 'git_diff', 'git_branch',
+    'terminal_cwd', 'env_check', 'memory_recall', 'memory_search',
+]);
+const ERROR_KEYWORDS = [
+    'tool error:', 'error:', 'enoent', 'permission denied', 'eacces',
+    'not found', 'failed to', 'traceback', 'stack trace',
+    'undefined is not', 'cannot read prop', 'refused',
+];
+const MAX_ARGS_CHARS = 500;
+const MAX_RESULT_CHARS = 2000;
+const TRIVIAL_MAX_BYTES = 10 * 1024;
+function truncate(s, max) {
+    if (s.length <= max)
+        return s;
+    return s.slice(0, max) + `\n…[truncated, original ${s.length} chars]`;
+}
+function toText(x) {
+    if (x == null)
+        return '';
+    if (typeof x === 'string')
+        return x;
+    try {
+        return JSON.stringify(x);
+    }
+    catch {
+        return String(x);
+    }
+}
+function hasErrorKeyword(text) {
+    const lower = text.toLowerCase();
+    return ERROR_KEYWORDS.some(k => lower.includes(k));
+}
+/** True if the result is plausibly fine without calling a critic LLM. */
+function isTriviallyValid(tool, resultText) {
+    if (!resultText || resultText.trim().length === 0)
+        return false;
+    if (resultText.length > TRIVIAL_MAX_BYTES)
+        return false;
+    if (hasErrorKeyword(resultText))
+        return false;
+    if (TRUSTED_TOOLS.has(tool))
+        return true;
+    return false;
+}
+function resolveCriticProvider(override) {
+    const cfg = loadConfig();
+    const provider = (override || cfg?.byok_provider || 'anthropic').toLowerCase();
+    const localModel = cfg?.default_model && cfg.default_model !== 'auto' ? cfg.default_model : 'llama3.2:3b';
+    if (provider === 'ollama' || provider === 'kbot-local') {
+        return { provider, model: localModel, apiKey: 'local', apiUrl: 'http://localhost:11434/v1/chat/completions' };
+    }
+    if (provider === 'openai') {
+        if (!cfg?.byok_key)
+            return null;
+        return { provider: 'openai', model: 'gpt-4o-mini', apiKey: cfg.byok_key, apiUrl: 'https://api.openai.com/v1/chat/completions' };
+    }
+    if (!cfg?.byok_key)
+        return null;
+    return { provider: 'anthropic', model: 'claude-haiku-4-5', apiKey: cfg.byok_key, apiUrl: 'https://api.anthropic.com/v1/messages' };
+}
+const CRITIC_SYSTEM = 'You are a strict senior engineer reviewing a tool output. ' +
+    'Did this tool call produce a useful, correct, non-hallucinated result ' +
+    'for the stated intent? Return ONLY JSON with keys: ' +
+    '{"accept": bool, "reason": string, "retry_hint": string, "confidence": number between 0 and 1}. ' +
+    'No prose, no code fences — JSON only.';
+function buildUserPrompt(tool, args, result) {
+    const argsText = truncate(toText(args), MAX_ARGS_CHARS);
+    const resultText = truncate(toText(result), MAX_RESULT_CHARS);
+    return `TOOL: ${tool}\n\nARGS:\n${argsText}\n\nRESULT:\n${resultText}`;
+}
+function parseVerdict(text) {
+    if (!text)
+        return null;
+    // Strip fences/prose; grab first {...} object.
+    const match = text.match(/\{[\s\S]*\}/);
+    if (!match)
+        return null;
+    try {
+        const raw = JSON.parse(match[0]);
+        const confidence = typeof raw.confidence === 'number'
+            ? Math.max(0, Math.min(1, raw.confidence))
+            : 0.5;
+        return {
+            accept: !!raw.accept,
+            reason: typeof raw.reason === 'string' ? raw.reason : undefined,
+            retry_hint: typeof raw.retry_hint === 'string' ? raw.retry_hint : undefined,
+            confidence,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+async function callAnthropic(p, userPrompt) {
+    const res = await fetch(p.apiUrl, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': p.apiKey,
+            'anthropic-version': '2023-06-01',
+        },
+        body: JSON.stringify({
+            model: p.model,
+            max_tokens: 256,
+            system: CRITIC_SYSTEM,
+            messages: [{ role: 'user', content: userPrompt }],
+        }),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!res.ok)
+        throw new Error(`critic HTTP ${res.status}`);
+    const data = await res.json();
+    return (data.content || []).filter(b => b.type === 'text').map(b => b.text || '').join('');
+}
+async function callOpenAICompat(p, userPrompt) {
+    const headers = { 'Content-Type': 'application/json' };
+    if (p.apiKey && p.apiKey !== 'local')
+        headers['Authorization'] = `Bearer ${p.apiKey}`;
+    const res = await fetch(p.apiUrl, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify({
+            model: p.model,
+            max_tokens: 256,
+            messages: [
+                { role: 'system', content: CRITIC_SYSTEM },
+                { role: 'user', content: userPrompt },
+            ],
+        }),
+        signal: AbortSignal.timeout(15_000),
+    });
+    if (!res.ok)
+        throw new Error(`critic HTTP ${res.status}`);
+    const data = await res.json();
+    return data.choices?.[0]?.message?.content || '';
+}
+/**
+ * Gate a tool result through the adversarial critic.
+ * Never throws — on any failure, returns accept=true with low confidence so
+ * the agent loop is never blocked by the critic itself.
+ */
+export async function gateToolResult(tool, args, result, opts = {}) {
+    if (process.env.KBOT_NO_CRITIC === '1') {
+        return { accept: true, confidence: 1, reason: 'critic disabled via env' };
+    }
+    const cfg = loadConfig();
+    if (cfg && cfg.critic_enabled === false) {
+        return { accept: true, confidence: 1, reason: 'critic disabled in config' };
+    }
+    const strictness = typeof opts.strictness === 'number'
+        ? opts.strictness
+        : (typeof cfg?.critic_strictness === 'number' ? cfg.critic_strictness : 0.5);
+    const resultText = toText(result);
+    // Fast path.
+    if (isTriviallyValid(tool, resultText)) {
+        return { accept: true, confidence: 0.9, reason: 'trivial-valid fast path' };
+    }
+    // Rule-based RF classifier — cheap, no LLM. High-confidence hits short-circuit.
+    const rf = classifyToolResult(resultText);
+    if (rf && rf.confidence >= 0.8) {
+        return {
+            accept: false,
+            confidence: rf.confidence,
+            reason: `${rf.class}: ${rf.evidence}`,
+            retry_hint: 'Taxonomy match — try different arguments or a different tool.',
+            failure_class: rf.class,
+        };
+    }
+    const userPrompt = buildUserPrompt(tool, args, resultText);
+    let callLLM;
+    if (opts.llmClient) {
+        callLLM = opts.llmClient;
+    }
+    else {
+        const provider = resolveCriticProvider(opts.provider);
+        if (!provider) {
+            // No usable provider — degrade gracefully.
+            return { accept: true, confidence: 0.3, reason: 'no critic provider available' };
+        }
+        callLLM = provider.provider === 'anthropic'
+            ? (pr) => callAnthropic(provider, pr)
+            : (pr) => callOpenAICompat(provider, pr);
+    }
+    try {
+        const text = await callLLM(userPrompt);
+        const verdict = parseVerdict(text);
+        if (!verdict) {
+            return { accept: true, confidence: 0.3, reason: 'critic returned unparseable output' };
+        }
+        // Strictness gate: require verdict.confidence >= strictness when rejecting,
+        // and if accepting with very low confidence and strictness is high, flip to reject.
+        if (!verdict.accept && verdict.confidence < Math.max(0.1, 1 - strictness)) {
+            // The critic rejected but wasn't very sure — let it pass with warning.
+            return { ...verdict, accept: true, reason: `soft-accept: ${verdict.reason || 'low-confidence reject'}` };
+        }
+        if (verdict.accept && strictness > 0.8 && verdict.confidence < 0.3) {
+            return {
+                accept: false,
+                confidence: verdict.confidence,
+                reason: 'strict mode: accepted with very low confidence',
+                retry_hint: verdict.retry_hint || 'Verify output shape and re-run with stricter arguments.',
+            };
+        }
+        return verdict;
+    }
+    catch {
+        // Critic call failed — never block the agent loop.
+        return { accept: true, confidence: 0.2, reason: 'critic call failed' };
+    }
+}
+//# sourceMappingURL=critic-gate.js.map

package/dist/critic-retrospect.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Critic Retrospect — retroactive judgement of past session tool calls.
+ *
+ * Reads ~/.kbot/observer/session.jsonl, replays tool calls through
+ * gateToolResult (critic-gate.ts), and reports:
+ *   - overall accept/reject ratio
+ *   - tools with highest reject rate (args-validation candidates)
+ *   - rejects that were later retried successfully (critic false positives)
+ *   - sessions ranked by "retries saved" score
+ *   - suggested strictness setting from precision/recall tradeoff
+ *
+ * NB: the observer only logs {ts, tool, args, session} — no results.
+ * We synthesize a *result proxy* from retry behaviour: a call whose exact
+ * (tool, args-hash) recurs inside the same session within RETRY_WINDOW_MS
+ * is treated as having implicitly failed the first time. The critic is
+ * passed this synthesized signal so it can judge on intent + shape.
+ *
+ * Cache: ~/.kbot/critic-cache.json — keyed by (tool, argsHash, resultHash).
+ *
+ * CLI wiring: cli.ts was modified in parallel; leaving subcommand wiring
+ * as a TODO. Invoke via `node -e "import('./dist/critic-retrospect.js').then(m => m.run())"`.
+ */
+export interface RetrospectOpts {
+    sessions?: number;
+    strictness?: number;
+    jsonOut?: string;
+    maxCallsPerSession?: number;
+    /** Injectable for tests. */
+    llmClient?: (userPrompt: string) => Promise<string>;
+}
+export interface RetrospectReport {
+    totalCalls: number;
+    sessionsScanned: number;
+    sessionsAvailable: number;
+    accepts: number;
+    rejects: number;
+    byTool: Record<string, {
+        total: number;
+        accepts: number;
+        rejects: number;
+    }>;
+    topRejectRate: Array<{
+        tool: string;
+        total: number;
+        rejectRate: number;
+    }>;
+    likelyFalsePositives: Array<{
+        tool: string;
+        session: string;
+        retryGap: number;
+        reason?: string;
+    }>;
+    sessionsRanked: Array<{
+        session: string;
+        calls: number;
+        retriesSaved: number;
+        score: number;
+    }>;
+    suggestedStrictness: number;
+    precision: number;
+    recall: number;
+}
+export declare function run(opts?: RetrospectOpts): Promise<RetrospectReport>;
+//# sourceMappingURL=critic-retrospect.d.ts.map